PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

HIPAA Whiteboard and HIPAA Interactive Whiteboard

HIPAA Whiteboard

Recently, I created two new HIPAA training resources. HIPAA Whiteboard I created a 1-page visual summary of HIPAA, which I call the HIPAA Whiteboard.  The idea was to summarize HIPAA in a concise and visually-engaging way.  You can download a PDF handout version here.  We’ve been licensing it to many organizations for training and awareness purposes. […]

Read More…

HIPAA Enforcement 2017: Another Big Year for HIPAA Enforcement

HIPAA Enforcement

At the end of 2017, the OCR logged just under $20 million in fines for HIPAA violations from 10 enforcement actions with monetary penalties.  In 2016, the total in penalties was roughly the same amount but from 15 organizations. Here is an overview of the resolution agreements and enforcement actions with civil monetary penalties from […]

Read More…

2017 HIPAA Enforcement

Art E.V.Pavlov_by_Repin

  The first quarter of 2017 is not yet over and the OCR has already released details of four HIPAA enforcement penalties totaling over $11 million.  2016 set a record with $20 million in fines for the year, with $5.2 million of that coming in the first quarter.  In just the first 2 months of […]

Read More…

Lessons from 2016, the Biggest HIPAA Enforcement Year on Record

HIPAA Enforcement

Time to call the Guinness Book of World Records because HHS has set a new world record in HIPAA enforcement.  2016 saw a considerable increase in HIPAA enforcement resolution agreements and monetary penalties.  At the end of 2016, the OCR logged over $20 million in fines for HIPAA violations from 15 enforcement actions with monetary […]

Read More…

HIPAA Cartoon on HIPAA’s Jargon

HIPAA Cartoon - TeachPrivacy HIPAA Training

HIPAA is famously impenetrable, with so many special terms and definitions.  I wrote this cartoon to capture the wonderful world of HIPAA jargon, which I hope fellow lovers of HIPAA can appreciate. I have another HIPAA cartoon here. […]

Read More…

HIPAA Cartoon – HIPAA Compliance Program

HIPAA Training - Cartoon HIPAA Compliance

Recently, HIPAA celebrated its 20th birthday.  HHS issued a celebratory blog post.  HIPAA is 20 years old if you start counting from the date the statute was passed (1996).  If we measure HIPAA’s age from the date that the HIPAA Privacy Rule became effective (2003), then HIPAA is 13. So HIPAA could be 20 years […]

Read More…

HIPAA’s Long Arm — and Why It’s a Good Thing

HIPAA Training

Recently, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its first HIPAA resolution agreement and monetary penalty against a business associate (BA). […]

Read More…

New Resource Page: Text of HIPAA’s Training Requirements

by Daniel J. Solove I recently created a new resource page for the TeachPrivacy website: Text of HIPAA’s Training Requirements.  This page provides excerpts of the training provisions in the HIPAA Privacy Rule and the HIPAA Security Rule. This page is designed to be a useful companion page to our resource page, HIPAA Training Requirements: […]

Read More…

Lawsuits for HIPAA Violations and Beyond: A Journey Down the Rabbit Hole

by Daniel J. Solove At first blush, it seems impossible for a person to sue for a HIPAA violation. HIPAA lacks a private cause of action. So do many other privacy and data security laws, such as FERPA, the FTC Act, the Gramm-Leach-Bliley Act, among others. That means that these laws don’t provide people with […]

Read More…